Execution environment file inventory

US 10,360,382 B2
Filed: 01/27/2017
Issued: 07/23/2019
Est. Priority Date: 03/27/2006
Status: Expired due to Fees

First Claim

Patent Images

1. One or more computer readable media having container management and protection logic encoded therein for managing a system of containers accessible to a computer system, wherein the container management and protection logic, when executed by one or more processors, is to:

intercept, dynamically, an operation request in the computer system that is to affect a targeted container in the system of containers;

allow the operation request based on a determination that the targeted container is not identified in an inventory of protected containers in the system of containers;

block an additional operation request to change one or more of the containers in the system of containers if the additional operation request would cause a delta of the inventory from a gold image inventory to exceed a threshold, wherein the delta is quantified as an absolute number of items in the inventory, as a ratio of a size of the inventory to a size of the gold image inventory, or as a ratio of a size of an intersection of the inventory and the gold image inventory to the size of the gold image inventory;

determine a new executable file was created by allowing the operation request;

identify an entity that performed an initiation of the operation request; and

update the inventory of protected containers with an identifier of the new executable file based, at least in part, on a determination that the identified entity is authorized, based on a change authorization policy, to make changes to the targeted container.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is described to maintain (including generate) an inventory of a system of a plurality of containers accessible by a computer system. At least one container is considered to determine whether the container is executable in at least one of a plurality of execution environments characterizing the computer system. Each execution environment is in the group comprising a native binary execution environment configured to execute native machine language instructions and a non-native execution environment configured to execute at least one program to process non-native machine language instructions to yield native machine language instructions. The inventory is maintained based on a result of the considering step. The inventory may be used to exercise control over what executables are allowed to execute on the computer system.

428 Citations

17 Claims

1. One or more computer readable media having container management and protection logic encoded therein for managing a system of containers accessible to a computer system, wherein the container management and protection logic, when executed by one or more processors, is to:
- intercept, dynamically, an operation request in the computer system that is to affect a targeted container in the system of containers;
  
  allow the operation request based on a determination that the targeted container is not identified in an inventory of protected containers in the system of containers;
  
  block an additional operation request to change one or more of the containers in the system of containers if the additional operation request would cause a delta of the inventory from a gold image inventory to exceed a threshold, wherein the delta is quantified as an absolute number of items in the inventory, as a ratio of a size of the inventory to a size of the gold image inventory, or as a ratio of a size of an intersection of the inventory and the gold image inventory to the size of the gold image inventory;
  
  determine a new executable file was created by allowing the operation request;
  
  identify an entity that performed an initiation of the operation request; and
  
  update the inventory of protected containers with an identifier of the new executable file based, at least in part, on a determination that the identified entity is authorized, based on a change authorization policy, to make changes to the targeted container.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The one or more computer readable media of claim 1, wherein a determination of whether the identified entity is authorized to make changes to the targeted container is based, at least in part, on a categorization of the identified entity.
  - 3. The one or more computer readable media of claim 1, wherein the identified entity is determined to be authorized to make changes to the targeted container based on a determination that the identified entity is authorized to make changes at any time to containers identified in the inventory of protected containers.
  - 4. The one or more computer readable media of claim 1, wherein the identified entity is determined to be authorized to make changes to the targeted container based on a determination that the computer system is in an update mode and that the identified entity is authorized to make changes to containers identified in the inventory of protected containers while the computer system is in the update mode.
  - 5. The one or more computer readable media of claim 1, wherein the inventory of protected containers is not updated with an identifier of the new executable file if the identified entity is determined to not be authorized to make changes to the targeted container.
  - 6. The one or more computer readable media of claim 1, wherein a determination of whether the identified entity is authorized to make changes to the targeted container is based, at least in part, on a digital authentication of the identified entity.
  - 7. The one or more computer readable media of claim 1, wherein the determination of whether the identified entity is authorized to make changes to the targeted container is dependent, at least in part, on a date and time at which the operation request is received by the computer system.
  - 8. The one or more computer readable media of claim 1, wherein the operation request is associated with a writing operation, a renaming operation, a moving operation, or a deleting operation of the targeted container.
  - 9. The one or more computer readable media of claim 1, wherein the identified entity is one of a user or a software program.
  - 10. The one or more computer readable media of claim 1, wherein the inventory of protected containers is associated with a plurality of hosts and is used to authorize additional operation requests to change one or more of the containers in the system of containers.
  - 11. The one or more computer readable media of claim 1, wherein the determination that the targeted container is not identified in the inventory of protected containers includes comparing an identifier of the targeted container to one or more identifiers in the inventory.

12. A system, comprising:
- a computer system including logic, the logic at least partially comprising hardware logic; and
  
  a storage system including a system of containers, the system of containers including a plurality of protected containers that collectively form an inventory of protected containers, wherein the logic, when executed on the computer system, is tointercept, dynamically, an operation request that is to affect a targeted container in the system of containers;
  
  allow the operation request based on a determination that the targeted container is not identified in the inventory of protected containers in the system of containers;
  
  block an additional operation request to change one or more of the containers in the system of containers if the additional operation request would cause a delta of the inventory from a gold image inventory to exceed a threshold, wherein the delta is quantified as an absolute number of items in the inventory, as a ratio of a size of the inventory to a size of the gold image inventory, or as a ratio of a size of an intersection of the inventory and the gold image inventory to the size of the gold image inventory;
  
  determine a new executable file was created by allowing the operation request;
  
  identify an entity that performed an initiation of the operation request; and
  
  update the inventory of protected containers with an identifier of the new executable file based, at least in part, on a determination that the identified entity is authorized, based on a change authorization policy, to make changes to the targeted container.
- View Dependent Claims (13, 14, 15)
- - 13. The system of claim 12, wherein the identified entity is determined to be authorized to make changes to the targeted container based on a determination that the identified entity is authorized to make changes at any time to containers identified in the inventory of protected containers.
  - 14. The system of claim 12, wherein the identified entity is determined to be authorized to make changes to the targeted container based on a determination that the computer system is in an update mode and that the identified entity is authorized to make changes to containers identified in the inventory of protected containers while the computer system is in the update mode.
  - 15. The system of claim 12, wherein a determination of whether the identified entity is authorized to make changes to the targeted container is based, at least in part, on a digital authentication of the identified entity.

16. A method of managing a system of containers accessible to a computer system by using an inventory of a plurality of protected containers in the system of containers, the method comprising:
- intercepting, dynamically, an operation request in the computer system that is to affect a targeted container in the system of containers;
  
  allowing the operation request based on a determination that the targeted container is not identified in an inventory of protected containers in the system of containers;
  
  blocking an additional operation request to change one or more of the containers in the system of containers if the additional operation request would cause a delta of the inventory from a gold image inventory to exceed a threshold, wherein the delta is quantified as an absolute number of items in the inventory, as a ratio of a size of the inventory to a size of the gold image inventory, or as a ratio of a size of an intersection of the inventory and the gold image inventory to the size of the gold image inventory;
  
  determining a new executable file was created by allowing the operation request;
  
  identifying an entity that performed an initiation of the operation request; and
  
  updating the inventory of protected containers with an identifier of the new executable file based, at least in part, on a determination that the identified entity is authorized, based on a change authorization policy, to make changes to the targeted container.
- View Dependent Claims (17)
- - 17. The method of claim 16, wherein a determination of whether the identified entity is authorized to make changes to the targeted container is based, at least in part, on a categorization of the identified entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, LLC
Inventors
Bhargava, Rishi, Sebes, E. John
Primary Examiner(s)
Vu, Tuan A

Application Number

US15/417,334
Publication Number

US 20170140168A1
Time in Patent Office

907 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/44   Program or device authentic...

G06F 21/53   by executing in a restricte...

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/60   Protecting data

G06F 21/6218   to a system of files or obj...

G06F 2221/2149   Restricted operating enviro...

Execution environment file inventory

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

428 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Execution environment file inventory

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

428 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links